From patchwork Mon Nov 13 17:46:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Peter Maydell X-Patchwork-Id: 743475 Delivered-To: patch@linaro.org Received: by 2002:a5d:67cf:0:b0:32d:baff:b0ca with SMTP id n15csp1753520wrw; Mon, 13 Nov 2023 09:47:41 -0800 (PST) X-Google-Smtp-Source: AGHT+IG7g/637cztlD/iSJWcGGusD4QRcOIluKmy6QrtLbjvYiW79v/Pr5xUqjCEepUslNdy44FV X-Received: by 2002:a0d:d4d7:0:b0:59b:fb69:1639 with SMTP id w206-20020a0dd4d7000000b0059bfb691639mr7897840ywd.32.1699897661394; Mon, 13 Nov 2023 09:47:41 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1699897661; cv=none; d=google.com; s=arc-20160816; b=JPIkC4Zu11RDU6SOEOtH8IuHPky2vcifNO5ateb86LfVJhiv4X1WbU2KRQBdEOsE9A FUFcyKjSXi9BumJZ+xPlgV3XVTMPYwagZ1Yg4KIyBX9rM7/kHvGFlfJ3vZPhUd1kKW0U d76hh51Qj19hjFvTTodEL52NTbr2pAdW6Hd8+PojP7XsG7cTbe1+WBl2+gKEHn4cjMac jg4GTQknnfqdqXJRfzst/DllnLI1oOPxVQWG5aSGNyQL9tTam6x8nYvF/VF959Y8SMSO vHa3IrHpqP6OAibOuyPp76yzpOyj9IVPuk7fLeTEgHOdNPGe2fAGOWz6YMy+Y518Otsp 5NjQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:content-transfer-encoding :mime-version:references:in-reply-to:message-id:date:subject:to:from :dkim-signature; bh=05kJ8El/iylLN0nD6QWUxl+Z5sjkndWtmUtzuzIy7ck=; fh=PnYt+qEB9tAfMKoqBm2xjKOFpYyFFGPudh5cVIoieJM=; b=EJKI4EbMyRA/lqFt1gGVWRhtZTZTXB8BfS1Z+zNseOKhzt/JOpYeRnh3O2H/m6yoe2 VWDkJEGO9RzDqFYGoma5IA46eS+RmPUJrZlRmfAcxmbj+mwQ2BO9MQcMgHGZ40nfJdWQ 9JVD2G/WSle3o1eUnwiCliJBY9OyEzYucuN0dVn7TWVdCkCeg2esUl/UzMA3KhvAr1Ia w+MTZTYPCTTTCNgVGiLiyaVvgmRIlNigg+qkc2szVHw9kKSOIO+A0xV0NC9IovswtJBk /f7PDz35RIbt6gYAcmuRa0XWRdmaQI2AgorJ5iTcrnPgX6P+AeQHCTnw2z5/kEmpj1Wr Nzyg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=SDyObbPc; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17]) by mx.google.com with ESMTPS id l15-20020ad44d0f000000b0066d212f6b65si4872501qvl.525.2023.11.13.09.47.41 for (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256); Mon, 13 Nov 2023 09:47:41 -0800 (PST) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=SDyObbPc; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1r2b1W-0007Mv-QQ; Mon, 13 Nov 2023 12:46:58 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1r2b1I-0006xi-Dq for qemu-devel@nongnu.org; Mon, 13 Nov 2023 12:46:47 -0500 Received: from mail-wm1-x32c.google.com ([2a00:1450:4864:20::32c]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1r2b1E-0003Jn-Eo for qemu-devel@nongnu.org; Mon, 13 Nov 2023 12:46:44 -0500 Received: by mail-wm1-x32c.google.com with SMTP id 5b1f17b1804b1-4094301d505so37227505e9.2 for ; Mon, 13 Nov 2023 09:46:39 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1699897598; x=1700502398; darn=nongnu.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=05kJ8El/iylLN0nD6QWUxl+Z5sjkndWtmUtzuzIy7ck=; b=SDyObbPclYkWcw8py3tEW2TmFuIPWKx6ShtPF+87AmBEMAlnZqtcakHOYz9m/TBd6h tdRgUy0iQTgnX0uGqWYtl0depFmrJoowLC89ol4E7G69dqfoKzzGPQ/qMG8hobe/H2s2 Mb2gfqZXywhYKm+4IttX/sQ0Zq/DP8XGZ0KkLuppM8u2IX3oReJ829rH2XKbjLMj8BFG Y352NsvBf8dyMCHqzwT88j1DWvAMvffxc7dFaFrSl+4DtPUjg3OL3RJTBcQZAC6/I4ad PwEgMJc8NR4a20v+uVCek9lhGOInMJQ48xoKhcw6c29zwfetjyMqlCvbNNAa0+LbUUNq JM1g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1699897598; x=1700502398; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=05kJ8El/iylLN0nD6QWUxl+Z5sjkndWtmUtzuzIy7ck=; b=GSw+xMIK0OuzZFri78kDMKm9pRhPMlbHL8niqFgItmWTw80l3Mwf5P6nWbZ8s3xvHN /vlwO/rNZxeoVxpvEfXtgOxIAX81P+hXznsJ5UYpW/GSHBVbdMT7PKkLrdfTG71z7xP8 eS4iM+kwnEQzstbPLGywQUu7hzahE74qgdK+pRvBG3OMvlqyg97wRIxvM8LNeApfEcbw 6rSuN0tqAsE9HAwefxlDEYiizRto2XSS0+JTPPn+fyrjC7TVdHy0PT/J5BuUa8u6vixp 3cCsUVRl/gAtAdZKJtbR/7j4zEQ/lzGMNSfWpRyUjpDx3w6uRKRgNwWF/3dMpaiyvTQp V9wg== X-Gm-Message-State: AOJu0YwB8bKnFK2kcPjHs8ZboUQRPiDYqBLweqNlFqJqiyHRQL0Vzh92 8yQEL7eHW0LWzNo7351yFDB83h8jgea0GZtVRgA= X-Received: by 2002:a05:600c:1ca7:b0:3fe:f667:4e4c with SMTP id k39-20020a05600c1ca700b003fef6674e4cmr6143701wms.12.1699897598581; Mon, 13 Nov 2023 09:46:38 -0800 (PST) Received: from orth.archaic.org.uk (orth.archaic.org.uk. [2001:8b0:1d0::2]) by smtp.gmail.com with ESMTPSA id 8-20020a05600c22c800b0040303a9965asm14391110wmg.40.2023.11.13.09.46.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 13 Nov 2023 09:46:38 -0800 (PST) From: Peter Maydell To: qemu-devel@nongnu.org Subject: [PULL 3/4] target/arm: Correct MTE tag checking for reverse-copy MOPS Date: Mon, 13 Nov 2023 17:46:34 +0000 Message-Id: <20231113174635.2540484-4-peter.maydell@linaro.org> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20231113174635.2540484-1-peter.maydell@linaro.org> References: <20231113174635.2540484-1-peter.maydell@linaro.org> MIME-Version: 1.0 Received-SPF: pass client-ip=2a00:1450:4864:20::32c; envelope-from=peter.maydell@linaro.org; helo=mail-wm1-x32c.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org When we are doing a FEAT_MOPS copy that must be performed backwards, we call mte_mops_probe_rev(), passing it the address of the last byte in the region we are probing. However, allocation_tag_mem_probe() wants the address of the first byte to get the tag memory for. Because we passed it (ptr, size) we could incorrectly trip the allocation_tag_mem_probe() check for "does this access run across to the following page", and if that following page happened not to be valid then we would assert. We know we will always be only dealing with a single page because the code that calls mte_mops_probe_rev() ensures that. We could make mte_mops_probe_rev() pass 'ptr - (size - 1)' to allocation_tag_mem_probe(), but then we would have to adjust the returned 'mem' pointer to get back to the tag RAM for the last byte of the region. It's simpler to just pass in a size of 1 byte, because we know that allocation_tag_mem_probe() in pure-probe single-page mode doesn't care about the size. Fixes: 69c51dc3723b ("target/arm: Implement MTE tag-checking functions for FEAT_MOPS copies") Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Acked-by: Richard Henderson Message-id: 20231110162546.2192512-1-peter.maydell@linaro.org --- target/arm/tcg/mte_helper.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/target/arm/tcg/mte_helper.c b/target/arm/tcg/mte_helper.c index 70ac876105f..ffb8ea1c349 100644 --- a/target/arm/tcg/mte_helper.c +++ b/target/arm/tcg/mte_helper.c @@ -1101,10 +1101,18 @@ uint64_t mte_mops_probe_rev(CPUARMState *env, uint64_t ptr, uint64_t size, uint32_t n; mmu_idx = FIELD_EX32(desc, MTEDESC, MIDX); - /* True probe; this will never fault */ + /* + * True probe; this will never fault. Note that our caller passes + * us a pointer to the end of the region, but allocation_tag_mem_probe() + * wants a pointer to the start. Because we know we don't span a page + * boundary and that allocation_tag_mem_probe() doesn't otherwise care + * about the size, pass in a size of 1 byte. This is simpler than + * adjusting the ptr to point to the start of the region and then having + * to adjust the returned 'mem' to get the end of the tag memory. + */ mem = allocation_tag_mem_probe(env, mmu_idx, ptr, w ? MMU_DATA_STORE : MMU_DATA_LOAD, - size, MMU_DATA_LOAD, true, 0); + 1, MMU_DATA_LOAD, true, 0); if (!mem) { return size; }